social-card-gen

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The generate.js script includes functionality to fetch content from remote URLs using the fetch API when the --url flag is used.
  • [COMMAND_EXECUTION]: The skill includes a standalone Node.js script (generate.js) and provides instructions for users to execute it locally to automate post generation.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes untrusted text from external files or URLs without sufficient sanitization or boundary markers.
    • Ingestion points: Untrusted data enters the agent's context through file reads (--file) and network fetches (--url) in generate.js, or via direct text input in the manual path.
    • Boundary markers: The skill does not employ delimiters or instructions to ignore embedded commands within the source content.
    • Capability inventory: The tool can read from the filesystem, write to the filesystem, and perform network operations.
    • Sanitization: Input cleaning is limited to removing Markdown and HTML tags, which does not prevent adversarial natural language instructions from influencing the AI's output.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 4, 2026, 09:05 AM